search

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted content from web search results, creating an indirect prompt injection surface.
      • Ingestion points: Search result titles, URLs, and retrieved page content enter the agent's context through API responses from api.browserbase.com (as seen in SKILL.md and EXAMPLES.md).
      • Boundary markers: The documentation in SKILL.md, EXAMPLES.md, and REFERENCE.md includes explicit safety notes advising the agent to treat results as untrusted and to ignore instructions embedded in result titles or URLs.
      • Capability inventory: The skill uses the Bash tool, which permits network requests (curl) and local file system writes (using shell redirection in EXAMPLES.md).
      • Sanitization: While Example 5 in EXAMPLES.md demonstrates filename sanitization using sed, the actual content fetched from the results is not sanitized before being saved or processed.
  • [COMMAND_EXECUTION]: The skill relies on shell commands to interact with external APIs and handle data.
      • Evidence: Multiple examples in EXAMPLES.md show the use of curl, jq, and sed to perform searches, extract data, and save content to the file system.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:59 AM
Security Audit — agent-trust-hub — search